CVE-2019-17124

CRITICAL

Kramer VIAware 2.5.0719.1034 - Incorrect Access Control

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2019-17124. PoCs published by sharkmoos, hessandrew.

AI-analyzed exploit summary: This exploit leverages an authenticated RCE vulnerability in Kramer VIAware 2.5.0719.1034 by writing arbitrary commands to a CGI script and executing them. It requires admin credentials to authenticate and then interacts with the target via HTTP requests.

Description

Kramer VIAware 2.5.0719.1034 has Incorrect Access Control.

Exploits (2)

exploitdb WORKING POC
by sharkmoos · python · remote · hardware
https://www.exploit-db.com/exploits/50848

This exploit leverages an authenticated RCE vulnerability in Kramer VIAware 2.5.0719.1034 by writing arbitrary commands to a CGI script and executing them. It requires admin credentials to authenticate and then interacts with the target via HTTP requests.

Classification: Working PoC 95%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Kramer VIAware 2.5.0719.1034
Auth required
Prerequisites: Admin credentials · Network access to the target
devstral-2 · analyzed Feb 16, 2026

nomisec WRITEUP 2 stars
by hessandrew · poc
https://github.com/hessandrew/CVE-2019-17124

This repository provides a detailed technical analysis of CVE-2019-17124, a remote code execution vulnerability in KRAMER VIAware 2.5.0719.1034. The vulnerability arises from improper session validation in the `browseSystemFiles.php` endpoint, allowing unauthenticated users to write arbitrary files to the server, including executable scripts in the Apache CGI-bin directory, leading to RCE with SYSTEM privileges.

Classification: Writeup 95%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: KRAMER VIAware 2.5.0719.1034
No auth needed
Prerequisites: Network access to the VIAware web service · Apache CGI-bin directory accessible
devstral-2 · analyzed Feb 18, 2026

References (2)

Core References
https://github.com/hessandrew/CVE-2019-17124 (Exploit, Third Party Advisory; x_refsource_misc)

Scores

CVSS v3: 9.8
EPSS: 0.2312
EPSS Percentile: 97.5%
Attack Vector: NETWORK
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE: CWE-276
Status: published
Products (1): kramerav/viaware 2.5.0719.1034
Published: Oct 09, 2019
Tracked Since: Feb 18, 2026